FSB Used Israeli Firm Cellebrite Software to Hack Russian Dissident Pivovarov's Phone

Russian opposition politician Andrei Pivovarov reported that the FSB broke into his iPhone using equipment from Israeli firm Cellebrite in 2021 while he was in detention. Citizen Lab researchers confirmed the phone was hacked with the UFED tool around June 17, 2021. Messages found on the phone became the basis for charges that Pivovarov allegedly continued criminal activity as head of "Open Russia".

Russian opposition politician and former "Open Russia" leader Andrei Pivovarov reported on June 25 on his Telegram channel that the FSB broke into his iPhone 12 using software from Israeli firm Cellebrite. Specialists from research organization Citizen Lab confirmed the finding and clarified that the hacking took place around June 17, 2021, when the politician was in detention.

How the hacking occurred

According to Citizen Lab's analysis, Russian authorities used Cellebrite's product Universal Forensic Extraction Device (UFED), which allows all data to be extracted from a device. According to Pivovarov, investigators used the text messages obtained from the phone to construct a claim that he had continued "criminal activity" as head of "Open Russia". Moreover, they were searching this correspondence for the names of people who were engaged in political activity at the time and are engaged in it now. In reality, they pumped out all the information from there," wrote Pivovarov.

Cellebrite left Russia before the hacking

Particularly notable is a fact that Citizen Lab highlights in its investigation: Cellebrite announced on March 18, 2021 that it was leaving Russia and Belarus, yet Pivovarov's phone was hacked nearly three months later, in mid-June of the same year. This suggests that Russian security agencies continued to use the company's devices even after its official departure.

Cellebrite is the world's leading supplier of hacking devices for Android and iOS-based phones. Russian authorities have used the same software to break into the phones of Aleksei Navalny associate Lyubov Sobol and Dmitri Ivanov, administrator of the "Protest MGU" public account. US authorities used Cellebrite in 2024 to open the phone of Thomas Matthew Crooks, who carried out the attack on Trump in Pennsylvania.

Release and "foreign agent" designation

Pivovarov was detained in May 2021 in connection with activity in an "undesirable organization," namely "Open Russia," which he himself dissolved in May 2021 before his arrest. In 2024 he was exchanged in a major prisoner swap between Russia and Western countries and handed over to Germany. After his release, however, Russian authorities designated him a "foreign agent".